From e75ab5a0c1f10616b50bb4a07c9b5b92f0f6c48c Mon Sep 17 00:00:00 2001 From: Dionna Glaze Date: Wed, 18 Dec 2024 16:45:31 +0000 Subject: [PATCH 1/5] Add linear privilege level measurement value type As a means of representing a CPL or VMPL, this provides some extra semantic understanding. Leaving condition-matching to a later PR. --- cddl/corim-frags.mk | 2 ++ cddl/linear-privilege-level.cddl | 1 + cddl/measurement-values-map.cddl | 1 + draft-ietf-rats-corim.md | 13 +++++++++++++ 4 files changed, 17 insertions(+) create mode 100644 cddl/linear-privilege-level.cddl diff --git a/cddl/corim-frags.mk b/cddl/corim-frags.mk index 4be149bc..cc3d2c8c 100644 --- a/cddl/corim-frags.mk +++ b/cddl/corim-frags.mk @@ -23,6 +23,7 @@ COMID_FRAGS += group-id-type-choice.cddl COMID_FRAGS += identity-triple-record.cddl COMID_FRAGS += instance-id-type-choice.cddl COMID_FRAGS += ip-addr-type-choice.cddl +COMID_FRAGS += linear-privilege-level.cddl COMID_FRAGS += linked-tag-map.cddl COMID_FRAGS += mac-addr-type-choice.cddl COMID_FRAGS += measured-element-type-choice.cddl @@ -98,6 +99,7 @@ INTREP_FRAGS += flags-map.cddl INTREP_FRAGS += raw-value.cddl INTREP_FRAGS += tagged-masked-raw-value.cddl INTREP_FRAGS += tagged-bytes.cddl +INTREP_FRAGS += linear-privilege-level.cddl INTREP_FRAGS += mac-addr-type-choice.cddl INTREP_FRAGS += ip-addr-type-choice.cddl INTREP_FRAGS += ueid.cddl diff --git a/cddl/linear-privilege-level.cddl b/cddl/linear-privilege-level.cddl new file mode 100644 index 00000000..e7076fcd --- /dev/null +++ b/cddl/linear-privilege-level.cddl @@ -0,0 +1 @@ +linear-privlevel = int diff --git a/cddl/measurement-values-map.cddl b/cddl/measurement-values-map.cddl index da9e5042..26f2eb69 100644 --- a/cddl/measurement-values-map.cddl +++ b/cddl/measurement-values-map.cddl 
@@ -15,5 +15,6 @@ measurement-values-map = non-empty<{ ? &(name: 11) => text ? &(cryptokeys: 13) => [ + $crypto-key-type-choice ] ? &(integrity-registers: 14) => integrity-registers + ? &(linear-privlevel: 15) => linear-privlevel * $$measurement-values-map-extension }> diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 0a33bdc9..577063ce 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -1118,6 +1118,19 @@ are acceptable states. Integrity Registers can be used to model the PCRs in a TPM or vTPM, in which case the identifier is the register index, or other kinds of vendor-specific measured objects. +##### Linear Privilege Level {#sec-comid-linear-privlevel} + +A Linear Privilege Level describes an operating privilege for the target environment. +The convention is that 0 is the highest privilege, and higher numbers correspond to fewer privileges. +The semantics of the ordering indicate a total inclusion of all higher privilege levels. +This means that there is no privilege strictly afforded to, e.g., privilege level 3 that isn't also available to privilege level 1. + +~~~ cddl +{::include cddl/linear-privilege-level.cddl} +~~~ + +For environments that count privilege in the opposite order, it is recommended to represent the privilege levels with non-positive numbers, where 0 is the lowest privilege, and some negative integer is the highest. + ##### Domain Types {#sec-comid-domain-type} A domain is a context for bundling a collection of related environments and their measurements. From 4778105ccc4ee9be03e0074a45ec650708a6f6af Mon Sep 17 00:00:00 2001 
From: Dionna Glaze Date: Sun, 26 Jan 2025 22:33:45 +0000 Subject: [PATCH 2/5] Add linear privilege level comparison rules This adds taggs 564 and 565 (563 proposed by PR #297). The -Infinity is valid diagnostic notation, but our tooling does not recognize it. --- cddl/cbor-tags.txt | 3 +++ cddl/linear-privilege-level.cddl | 9 ++++++++- cddl/measurement-values-map.cddl | 2 +- draft-ietf-rats-corim.md | 27 ++++++++++++++++++++++++++- 4 files changed, 38 insertions(+), 3 deletions(-) diff --git a/cddl/cbor-tags.txt b/cddl/cbor-tags.txt index 44d260b0..f8ad202c 100644 --- a/cddl/cbor-tags.txt +++ b/cddl/cbor-tags.txt @@ -15,3 +15,6 @@ tagged-bytes = #6.560(bytes) tagged-cert-path-thumbprint-type = #6.561(digest) tagged-pkix-asn1der-cert-type = #6.562(bstr) tagged-masked-raw-value = #6.563([ +tagged-int-eq = #6.564(int-eq) +tagged-int-range = #6.565(int-range) + diff --git a/cddl/linear-privilege-level.cddl b/cddl/linear-privilege-level.cddl index e7076fcd..b850c177 100644 --- a/cddl/linear-privilege-level.cddl +++ b/cddl/linear-privilege-level.cddl @@ -1 +1,8 @@ -linear-privlevel = int +linear-privlevel-type-choice /= signed-integer-range-type-choice +signed-integer-range-type-choice = int-eq / int-range / tagged-int-eq / tagged-int-range +int-eq = int +int-range = [min: inf-int, max: inf-int] +tagged-int-eq = #6.564(int-eq) +tagged-int-range = #6.565(int-range) +inf-int = -Infinity / int / Infinity + diff --git a/cddl/measurement-values-map.cddl b/cddl/measurement-values-map.cddl index 26f2eb69..1702e94b 100644 --- a/cddl/measurement-values-map.cddl +++ b/cddl/measurement-values-map.cddl @@ -15,6 +15,6 @@ measurement-values-map = non-empty<{ ? &(name: 11) => text ? &(cryptokeys: 13) => [ + $crypto-key-type-choice ] ? &(integrity-registers: 14) => integrity-registers - ? &(linear-privlevel: 15) => linear-privlevel + ? &(linear-privlevel: 15) => linear-privlevel-type-choice * $$measurement-values-map-extension }> 
diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 577063ce..6f88df50 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -1130,6 +1130,8 @@ This means that there is no privilege strictly afforded to, e.g., privilege leve ~~~ For environments that count privilege in the opposite order, it is recommended to represent the privilege levels with non-positive numbers, where 0 is the lowest privilege, and some negative integer is the highest. +The full range if signed integers may be used. +The signed integer range representation is an inclusive range unless either `min` or `max` are infinite, in which case, each infinity is necessarily exclusive. ##### Domain Types {#sec-comid-domain-type} 
@@ -2521,6 +2523,26 @@ If no entry is found, the comparison MUST return false. Instead, if an entry is found, the digest comparison proceeds as defined in {{sec-cmp-digests}} after equivalence has been found according to {{sec-comid-integrity-registers}}. Note that it is not required for all the entries in the candidate entry to be used during matching: the condition ECT could consist of a subset of the device's register space. In TPM parlance, a TPM "quote" may report all PCRs in Evidence, while a condition ECT could describe a subset of PCRs. +##### Comparison for linear-privlevel entries + +The ACS entry value stored under `measurement-values-map` codepoint 15 is a linear privilege level, which must have type `linear-privlevel-type-choice`. + +If the entry `linear-privlevel-type-choice` is an `int` or an `int` tagged with #6.564, then comparison with the `int` named as PRIV is as follows. + +* If the condition ECT value for `measurement-values-map` codepoint 15 is an untagged `int` or an `int` tagged with #6.564 then an equality comparison is performed on the `int` components. +The comparison MUST return true if the value of PRIV is equal to the `int` value in the condition ECT. + +* If the condition ECT value for `measurement-values-map` codepoint 15 is an `int-range` or an `int-range` tagged with #6.565 then a range inclusion comparison is performed. +The comparison MUST return true if the value of PRIV is greater than or equal to the `min` value in the condition ECT AND the value of PRIV is less or equal to than the `max` value in the condition ECT + +If the entry `linear-privilege-type-choice` is an `int-range` or `int-range` tagged with #6.565, then comparison with the pair of `inf-int` values MINPRIV and MAXPRIV is as follows. + +* If the condition ECT value for `measurement-values-map` codepoint 15 is an untagged `int` or an `int` tagged with #6.564 then the comparison MUST return true if and only if MINPRIV and MAXPRIV are equal and finite. 
+ +* If the condition ECT value for `measurement-values-map` codepoint 15 is an `int-range` or an `int-range` tagged with #6.565 then a range subsumption comparison is performed. +The comparison MUST return true if the value of MINPRIV is greater than or equal to the `min` value of the condition ECT and the value of MAXPRIV is less than or equal to the `max` value of the condition ECT. +In this case, -Infinity equals -Infinity and Infinity equals Infinity. + ### Profile-directed Comparison {#sec-compare-profile} A profile MUST specify comparison algorithms for its additions to `$`-prefixed CoRIM CDDL codepoints when this specification does not prescribe binary comparison. @@ -2651,7 +2673,10 @@ IANA is requested to allocate the following tags in the "CBOR Tags" registry {{! | 561 | `digest` | tagged-cert-path-thumbprint-type, see {{sec-crypto-keys}} | {{&SELF}} | | 562 | `bytes` | tagged-pkix-asn1der-cert-type, see {{sec-crypto-keys}} | {{&SELF}} | | 563 | `tagged-masked-raw-value` | tagged-masked-raw-value, see {{sec-comid-raw-value-types}} | {{&SELF}} | -| 564-599 | `any` | Earmarked for CoRIM | {{&SELF}} | +| 564 | `int` | tagged-int-eq, see {{sec-comid-linear-privlevel}} | {{&SELF}} | +| 565 | `[int, int]` | tagged-int-range, see {{sec-comid-linear-privlevel}} | {{&SELF}} | +| 566-599 | `any` | Earmarked for CoRIM | {{&SELF}} | +>>>>>>> 3b73a92 (Add linear privilege level comparison rules) Tags designated as "Earmarked for CoRIM" can be reassigned by IANA based on advice from the designated expert for the CBOR Tags registry. From af7248bc7e0889ddcd5c98c188470ff039333736 Mon Sep 17 00:00:00 2001 From: Dionna Glaze Date: Wed, 29 Jan 2025 15:14:32 +0000 Subject: [PATCH 3/5] Add privlevel example. --- cddl/examples/comid-7.diag | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 cddl/examples/comid-7.diag diff --git a/cddl/examples/comid-7.diag b/cddl/examples/comid-7.diag new file mode 100644 index 00000000..3cd5d49d --- /dev/null 
+++ b/cddl/examples/comid-7.diag @@ -0,0 +1,24 @@ +/ concise-mid-tag / { + / comid.tag-identity / 1 : { + / comid.tag-id / 0 : h'3827e03b25dd454cb36a679c923af51f' + }, + / comid.entity / 2 : [ { + / comid.entity-name / 0 : "ACME Inc.", + / comid.reg-id / 1 : 32("https://acme.example"), + / comid.role / 2 : [ 0 ] / tag-creator / + } ], + / comid.triples / 4 : { + / comid.reference-triples / 0 : [ [ + / environment-map / { + / comid.instance / 1 : / tagged-pkix-base64-key-type / 554("base64_key_X") + }, + [ + / measurement-map / { + / comid.mval / 1 : { + / comid.linear-privlevel / 15 : 565([/ min: / 1, / max: / Infinity]) + } + } + ] + ] ] + } +} From 40c8500f0195baa591bb05b0a05fc85e1ade7cde Mon Sep 17 00:00:00 2001 From: Dionna Amalie Glaze Date: Wed, 29 Jan 2025 21:34:31 -0800 Subject: [PATCH 4/5] Update draft-ietf-rats-corim.md Co-authored-by: Ned Smith --- draft-ietf-rats-corim.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 6f88df50..12483d13 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md 
@@ -2533,7 +2533,7 @@ If the entry `linear-privlevel-type-choice` is an `int` or an `int` tagged with The comparison MUST return true if the value of PRIV is equal to the `int` value in the condition ECT. * If the condition ECT value for `measurement-values-map` codepoint 15 is an `int-range` or an `int-range` tagged with #6.565 then a range inclusion comparison is performed. -The comparison MUST return true if the value of PRIV is greater than or equal to the `min` value in the condition ECT AND the value of PRIV is less or equal to than the `max` value in the condition ECT +The comparison MUST return true if the value of PRIV is greater than or equal to the `min` value in the condition ECT AND the value of PRIV is less than or equal to than the `max` value in the condition ECT If the entry `linear-privilege-type-choice` is an `int-range` or `int-range` tagged with #6.565, then comparison with the pair of `inf-int` values MINPRIV and MAXPRIV is as follows. From 3d7e2e7fcf3d960562aa82608315f5ce874bef7f Mon Sep 17 00:00:00 2001 From: Dionna Glaze Date: Thu, 30 Jan 2025 05:35:54 +0000 Subject: [PATCH 5/5] Remove errant change marker. --- draft-ietf-rats-corim.md | 1 - 1 file changed, 1 deletion(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 12483d13..7c68d99b 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -2676,7 +2676,6 @@ IANA is requested to allocate the following tags in the "CBOR Tags" registry {{! | 564 | `int` | tagged-int-eq, see {{sec-comid-linear-privlevel}} | {{&SELF}} | | 565 | `[int, int]` | tagged-int-range, see {{sec-comid-linear-privlevel}} | {{&SELF}} | | 566-599 | `any` | Earmarked for CoRIM | {{&SELF}} | ->>>>>>> 3b73a92 (Add linear privilege level comparison rules) Tags designated as "Earmarked for CoRIM" can be reassigned by IANA based on advice from the designated expert for the CBOR Tags registry.
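Review bot: In PATCH 2/5, the `cddl/linear-privilege-level.cddl` hunk, `linear-privlevel-type-choice /= signed-integer-range-type-choice` uses the extend operator `/=` without any prior `linear-privlevel-type-choice =` definition; this should be a plain `=` (a later `/=` from a profile can still add to it). In the same hunk, `inf-int = -Infinity / int / Infinity` relies on literals that are not part of the CDDL grammar, which matches the commit message's admission that the tooling does not recognize them; since the draft's CDDL is validated by that tooling, consider defining the unbounded ends with something the tooling accepts (for example an explicit sentinel value or `int / float` with prose restricting the float to the two infinities) and stating in the comparison text how the sentinel is interpreted.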
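Review bot: In PATCH 2/5, the `cddl/cbor-tags.txt` hunk adds `tagged-int-eq = #6.564(int-eq)` and `tagged-int-range = #6.565(int-range)`, but the same two rules are also defined in `cddl/linear-privilege-level.cddl` in the same patch; when both fragments are concatenated into one CDDL module the duplicate rule definitions will be rejected, so keep them in one place only. The hunk also appends a trailing empty line to the file.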
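Review bot: In PATCH 2/5, the `draft-ietf-rats-corim.md` hunk at `@@ -1130` has a typo in "The full range if signed integers may be used" ("if" should be "of"), and "unless either `min` or `max` are infinite" should read "is infinite". It would also help to state that the infinities only appear as range endpoints and never as a `linear-privlevel` value itself, since that is what makes "each infinity is necessarily exclusive" true.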
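Review bot: In PATCH 2/5, the `draft-ietf-rats-corim.md` hunk at `@@ -2521`, the rule for an `int-range` ACS entry compared against an untagged `int` condition ("MUST return true if and only if MINPRIV and MAXPRIV are equal and finite") never compares against the condition's `int` value, so an entry `[3, 3]` would match a condition of `0`; it should additionally require that the common value equals the condition ECT's `int`. In the same hunk, "If the entry `linear-privilege-type-choice` is an `int-range`" uses a name that is not defined anywhere (the CDDL rule is `linear-privlevel-type-choice`), and the range-inclusion sentence reads "less or equal to than the `max` value" and is missing its final period. Finally, the two `int`-entry bullets say only when the comparison MUST return true; for consistency with the preceding sections, state that it MUST return false otherwise.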
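Review bot: In PATCH 2/5, the `draft-ietf-rats-corim.md` hunk at `@@ -2651` adds a leftover merge conflict marker `>>>>>>> 3b73a92 (Add linear privilege level comparison rules)` to the IANA table; PATCH 5/5 removes it again, so the two should be squashed rather than leaving a broken intermediate commit in the history. In the same hunk, the data item for tag 565 is listed as `[int, int]`, but the CDDL defines `int-range = [min: inf-int, max: inf-int]`, and an infinite endpoint is encoded as a CBOR float, not an int; the table entry should match the CDDL (for example `[inf-int, inf-int]` or `int-range`).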
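Review bot: In PATCH 3/5, the new `cddl/examples/comid-7.diag` reference value `565([/ min: / 1, / max: / Infinity])` has `MINPRIV != MAXPRIV`, so under the rules added in PATCH 2/5 it can only ever match a range-typed condition and will always return false against an `int` condition; a short comment in the example or a sentence in the draft's example section saying this is intentional would save readers from reading it as a mistake. The `Infinity` endpoint also means the encoded array is `[1, float]`, which again does not match the `[int, int]` data item claimed in the IANA table.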
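Review bot: In PATCH 4/5, the `draft-ietf-rats-corim.md` hunk at `@@ -2533` replaces "less or equal to than" with "less than or equal to than", which still leaves a stray "than" after "equal to", and the sentence still has no terminating period; the line should end "...less than or equal to the `max` value in the condition ECT."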